Abstract: With the rapid development of cloud computing, data security has become a critical problem of cloud security, at the same time, the amount of cloud data storage and transmission is very huge and the safety requirements are very high. On the other hand, certificate-based cryptosystems can overcome the certificate manage problem in traditional public key cryptosystems and the private key escrow problem in identity-based cryptosystems, so it provides new ways for constructing effective PKI. But there are pairing operations in most current certificate-based encryption schemes, so the efficiencies of those schemes are low. Based on judging truncated Diffie-Hellman problem, it presents a certificate-based hybrid encryption scheme without pairings, which efficiency has been analyzed, and security has been proved. Scheme is a one-time-one-key encryption scheme based on key encapsulation algorithm, symmetric encryption algorithm and message authentication code algorithm. Analysis shows that the scheme is efficient and can resist adaptive chosen ciphertext attack, so it can be used in cloud computing environment.

Key words: hybrid encryption, certificate-based cryptosystems, standard model, cloud computing, without bilinear pairing

摘要： 随着云计算的快速发展，数据安全已成为云安全的一个关键问题，尤其是云中存储和传输的数据量巨大，对安全性要求较高。另一方面，基于证书密码体制克服了传统公钥密码体制的证书管理问题及基于身份密码体制的密钥托管问题，为构造安全高效的PKI提供了新的方法，但现有基于证书加密方案大都采用双线性对构造，计算效率较低。针对云计算环境，基于判定性缩减Diffie-Hellman难题，提出了一个不含对运算的基于证书混合加密方案，分析了安全性和效率。该方案是建立在密钥封装算法、对称加密算法、消息认证码算法基础上的一次一密型加密方案。分析表明，该方案在标准模型下可以抵抗适应性选择密文攻击，计算效率较高，适合于对云计算中安全性要求较高的长消息的加密。

关键词: 混合加密, 基于证书, 标准模型, 云计算, 不含双线性对